{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:28:26Z","timestamp":1742912906439,"version":"3.40.3"},"publisher-location":"Cham","reference-count":17,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031213878"},{"type":"electronic","value":"9783031213885"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-21388-5_11","type":"book-chapter","created":{"date-parts":[[2022,11,13]],"date-time":"2022-11-13T20:22:02Z","timestamp":1668370922000},"page":"157-170","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Data-Driven Improvement of\u00a0Static Application Security Testing Service: An Experience Report in\u00a0Visma"],"prefix":"10.1007","author":[{"given":"Monica","family":"Iovan","sequence":"first","affiliation":[]},{"given":"Daniela Soares","family":"Cruzes","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,11,14]]},"reference":[{"key":"11_CR1","unstructured":"Beck, K., Andres, C.: Extreme Programming Explained: Embrace Change, 2nd edn. Addison-Wesley, Boston (2004)"},{"key":"11_CR2","volume-title":"Agile Software Development: Principles, Patterns, and Practices","author":"RC Martin","year":"2003","unstructured":"Martin, R.C.: Agile Software Development: Principles, Patterns, and Practices. Prentice Hall, Upper Saddle River (2003)"},{"key":"11_CR3","doi-asserted-by":"publisher","unstructured":"Abril, P.S., Plant, R.: The patent holder\u2019s dilemma: buy, sell, or troll? Commun. ACM 50(1), 36\u201344 (2007). https:\/\/doi.org\/10.1145\/1188913.1188915","DOI":"10.1145\/1188913.1188915"},{"key":"11_CR4","doi-asserted-by":"crossref","unstructured":"Oyetoyan, T.D., Milosheska, B., Grini, M., Cruzes, D.S.: Myths and facts about static application security testing tools: an action research at telenor digital. In: XP, pp. 86\u2013103 (2018)","DOI":"10.1007\/978-3-319-91602-6_6"},{"key":"11_CR5","doi-asserted-by":"crossref","unstructured":"Imtiaz, N., Murphy, B., Williams, L.: How do developers act on static analysis alerts? an empirical study of coverity usage. In: ISSRE, pp. 323\u2013333 (2019)","DOI":"10.1109\/ISSRE.2019.00040"},{"issue":"3","key":"11_CR6","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1002\/spe.2109","volume":"43","author":"D Baca","year":"2013","unstructured":"Baca, D., Carlsson, B., Petersen, K., Lundberg, L.: Improving software security with static automated code analysis in an industry setting. Softw. Pract. Exp. 43(3), 259\u2013279 (2013)","journal-title":"Softw. Pract. Exp."},{"issue":"4","key":"11_CR7","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1145\/3188720","volume":"61","author":"C Sadowski","year":"2018","unstructured":"Sadowski, C., Aftandilian, E., Eagle, A., Miller-Cushon, L., Jaspan, C.: Lessons from building static analysis tools at google. Commun. ACM 61(4), 58\u201366 (2018)","journal-title":"Commun. ACM"},{"issue":"8","key":"11_CR8","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1145\/3338112","volume":"62","author":"D Distefano","year":"2019","unstructured":"Distefano, D., F\u00e4hndrich, M., Logozzo, F., O\u2019Hearn, P.W.: Scaling static analyses at Facebook. Commun. ACM 62(8), 62\u201370 (2019)","journal-title":"Commun. ACM"},{"issue":"6","key":"11_CR9","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MSP.2004.111","volume":"2","author":"B Chess","year":"2004","unstructured":"Chess, B., McGraw, G.: Static analysis for security. IEEE Secur. Priv. 2(6), 76\u201379 (2004). https:\/\/doi.org\/10.1109\/MSP.2004.111","journal-title":"IEEE Secur. Priv."},{"key":"11_CR10","doi-asserted-by":"crossref","unstructured":"Austin, A., Williams, L.: One technique is not enough: a comparison of vulnerability discovery techniques. In: ESEM, pp. 97\u2013106 (2011)","DOI":"10.1109\/ESEM.2011.18"},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"Dukes, L.S., Yuan, X., Akowuah, F.: A case study on web application security testing with tools and manual testing. In: 2013 Proceedings of IEEE Southeastcon, pp. 1\u20136. IEEE (2013)","DOI":"10.1109\/SECON.2013.6567420"},{"issue":"1","key":"11_CR12","first-page":"127","volume":"1","author":"V Satyanarayana","year":"2011","unstructured":"Satyanarayana, V., Sekhar, M.V.B.C.: Static analysis tool for detecting web application vulnerabilities. Int. J. Modern Eng. Res. (IJMER) 1(1), 127\u2013133 (2011)","journal-title":"Int. J. Modern Eng. Res. (IJMER)"},{"key":"11_CR13","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1016\/j.infsof.2015.08.002","volume":"68","author":"K Goseva-Popstojanova","year":"2015","unstructured":"Goseva-Popstojanova, K., Perhinschi, A.: On the capability of static code analysis to detect security vulnerabilities. Inf. Softw. Technol. 68, 18\u201333 (2015)","journal-title":"Inf. Softw. Technol."},{"key":"11_CR14","doi-asserted-by":"publisher","unstructured":"Ma, Z., Cooper, P., Daly, D., Ledo, L.: Existing building retrofits: methodology and state-of-the-art. Energy Build 55, 889\u2013902 (2012). ISSN 0378\u20137788, https:\/\/doi.org\/10.1016\/j.enbuild.2012.08.018","DOI":"10.1016\/j.enbuild.2012.08.018"},{"issue":"4","key":"11_CR15","doi-asserted-by":"publisher","first-page":"363","DOI":"10.1016\/j.infsof.2010.12.007","volume":"53","author":"S Heckman","year":"2011","unstructured":"Heckman, S., Williams, L.: A systematic literature review of actionable alert identification techniques for automated static code analysis. Inf. Softw. Technol. 53(4), 363\u2013387 (2011)","journal-title":"Inf. Softw. Technol."},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Cruzes, D.S., Johansen, E.A.: Building an ambidextrous software security initiative, to appear in balancing agile and disciplined engineering and management approaches for IT services and software products. In: Mora, M., Marx G\u00f3mez, J., O\u2019Connor, R., Buchalcevova, A. (eds). IGI Global (2020)","DOI":"10.4018\/978-1-7998-4165-4.ch009"},{"key":"11_CR17","unstructured":"Iovan, M., Cruzes, D.S., Johansen, E.A.: Empowerment of security engineers through security chartering in Visma. In: XP 2020, Experience Report (2020). https:\/\/www.agilealliance.org\/wpcontent\/uploads\/2020\/xxx"}],"container-title":["Lecture Notes in Computer Science","Product-Focused Software Process Improvement"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-21388-5_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,11,14]],"date-time":"2022-11-14T00:04:43Z","timestamp":1668384283000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-21388-5_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031213878","9783031213885"],"references-count":17,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-21388-5_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"14 November 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PROFES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Product-Focused Software Process Improvement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Jyv\u00e4skyl\u00e4","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Finland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 November 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 November 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"profes2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.jyu.fi\/it\/en\/research\/scholarly-events\/profes2022","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"75","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"32% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.9","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6 poster paper and 8 workshop and tutorial papers included in this proceedings","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}